monotone-devel

Re: [Monotone-devel] Transport encryption


From: Richard Levitte - VMS Whacker
Subject: Re: [Monotone-devel] Transport encryption
Date: Mon, 10 Oct 2005 23:51:10 +0200 (CEST)

In message <address@hidden> on Mon, 10 Oct 2005 12:32:54 -0700, Nathaniel Smith 
<address@hidden> said:

njs> On Mon, Oct 10, 2005 at 06:45:12PM +0200, Michael Neumann wrote:
njs> > How hard would it be to implement transport encryption for Monotone?
njs> 
njs> I don't have any particular plans to implement it myself, and
njs> writing my own crypto protocol makes me Very Very Nervous.  And
njs> SSL and SSH libraries seem to be uniformly horrid.

I dunno any SSH library (yeah, I know there's a sshlib or libssh out
there, I just haven't looked at it), so I can't speak about them.  If
you're talking about OpenSSL, I agree that the API could be quite a
bit better.

njs> As far as I can tell, for instance, it is simply not possible to
njs> write async SSL code using freely available docs.

Untrue, at least with OpenSSL.  Simply set the underlying file
descriptors to non-blocking and you're set.

njs> (Plus we have slightly funky requirements, like having our own
njs> keys that we want to use.)

Yeah, that's a different question...

njs> On the other hand, it's been pointed out that we actually do all
njs> the hard parts (secure authentication and integrity checking) of
njs> secure channel encryption, and we could just throw something like
njs> AES+CTR on top and go with it.

I'd throw in a bit of handshaking so client and server can agree on an
algorithm.

njs> (This would still leave out some parts whose importance is not
njs> obvious to me, like periodic re-keying.)

Considering the length of the sessions held by monotone, I'd say
re-keying is an utter waste of time.  It *is* valuable for longer time
communication, like stelnet, for example.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         address@hidden
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
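
The algorithm handshake suggested in the message above, sketched as an added example that is not part of the original message and is not monotone code: the server picks from the client's offer, and both sides bind the offer and the choice to a MAC so that an offer altered in transit is rejected. It assumes the existing authentication step yields a shared secret (`auth_key`); the algorithm names and all function names are hypothetical.

```python
import hashlib
import hmac

# Hypothetical names and preference order; this is not monotone's wire format.
SERVER_PREFERENCE = ["aes256-ctr", "aes128-ctr", "none"]


def choose_algorithm(offer, preference=SERVER_PREFERENCE):
    """Server side: first entry of its own preference list that the client offered."""
    for alg in preference:
        if alg in offer:
            return alg
    raise ValueError("no common algorithm")


def transcript_mac(auth_key, offer, chosen):
    """HMAC over the offer and the choice; fields are length-prefixed to stay unambiguous."""
    mac = hmac.new(auth_key, digestmod=hashlib.sha256)
    for field in [*offer, chosen]:
        data = field.encode("ascii")
        mac.update(len(data).to_bytes(2, "big") + data)
    return mac.digest()


def server_reply(auth_key, received_offer):
    """Server side: pick an algorithm and authenticate the offer as it was received."""
    chosen = choose_algorithm(received_offer)
    return chosen, transcript_mac(auth_key, received_offer, chosen)


def client_accept(auth_key, sent_offer, chosen, mac):
    """Client side: accept only if the server saw exactly the offer that was sent."""
    if chosen not in sent_offer:
        raise ValueError("server chose an algorithm that was not offered")
    expected = transcript_mac(auth_key, sent_offer, chosen)
    if not hmac.compare_digest(expected, mac):
        raise ValueError("offer was altered in transit")
    return chosen


def negotiate(auth_key, client_offer, in_transit=lambda offer: offer):
    """Run both sides; in_transit models whatever the network did to the offer."""
    chosen, mac = server_reply(auth_key, in_transit(client_offer))
    return client_accept(auth_key, client_offer, chosen, mac)


if __name__ == "__main__":
    key = b"constructed-session-secret"  # assumption: stands in for the authenticated session secret
    print(negotiate(key, ["aes128-ctr", "aes256-ctr"]))  # aes256-ctr
```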



